PgBouncer: Multiple vulnerabilities
— GLSA 201701-24

Multiple vulnerabilities have been found in PgBouncer, the worst of
which may allow an attacker to bypass authentication.

Affected Packages

Package: dev-db/pgbouncer on all architectures
Affected versions: < 1.7.2
Unaffected versions: >= 1.7.2

Background

PgBouncer is a lightweight connection pooler for PostgreSQL.

Description

Multiple vulnerabilities have been discovered in PgBouncer. Please
review the CVE identifiers referenced below for details.

Impact

A remote attacker might send a specially crafted packet, possibly
resulting in a Denial of Service condition. Furthermore, a remote
attacker might bypass authentication in configurations using the
“auth_user” feature.
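
To triage a host against this advisory, the following added example (not part of the GLSA or of PgBouncer) compares a version string with the fixed release 1.7.2 and reports where a pgbouncer.ini enables auth_user. The function names and the sample configuration are assumptions made for illustration; the caller supplies the installed version and the configuration text.

```python
# Added example: helper names are illustrative, not part of PgBouncer.
import re

FIXED = (1, 7, 2)  # first unaffected version per this advisory

def parse_version(text):
    """Extract the dotted numeric version from a string such as '1.7.1-r1'."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(p) for p in m.group().split("."))

def auth_user_settings(ini_text):
    """Return (section, key) pairs where the ini text sets auth_user."""
    hits, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if section == "pgbouncer" and key == "auth_user" and value.strip():
            hits.append((section, key))      # global setting
        elif section == "databases" and re.search(r"\bauth_user\s*=", value):
            hits.append((section, key))      # per-database connection string
    return hits

def assess(version_text, ini_text):
    """Affected means < 1.7.2; the bypass additionally needs auth_user in use."""
    affected = parse_version(version_text) < FIXED
    hits = auth_user_settings(ini_text)
    return {"affected": affected, "auth_user": hits,
            "auth_bypass_exposure": affected and bool(hits)}

# Constructed sample input, not taken from a real deployment.
SAMPLE_INI = """\
[databases]
app = host=127.0.0.1 port=5432 auth_user=pgb_lookup
reports = host=127.0.0.1 port=5432
[pgbouncer]
; auth_user = commented_out
auth_type = md5
"""

if __name__ == "__main__":
    print(assess("pgbouncer version 1.7.1", SAMPLE_INI))
```

A host reported as affected without any auth_user hit is still subject to the Denial of Service issue and should be upgraded to 1.7.2 or later.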